Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(142)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/verify_certificate_chain_unittest.cc

Issue 2078653002: Add an out parameter to VerifyCertificateChain for retrieving the trusted chain. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Added test and made suggested changes Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/internal/verify_certificate_chain_pkits_unittest.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/verify_certificate_chain.h" 5 #include "net/cert/internal/verify_certificate_chain.h"
6 6
7 #include "base/base_paths.h" 7 #include "base/base_paths.h"
8 #include "base/files/file_util.h" 8 #include "base/files/file_util.h"
9 #include "base/path_service.h" 9 #include "base/path_service.h"
10 #include "base/strings/string_split.h" 10 #include "base/strings/string_split.h"
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after
107 107
108 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain; 108 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain;
109 for (const auto& cert_der : chain) { 109 for (const auto& cert_der : chain) {
110 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector( 110 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector(
111 reinterpret_cast<const uint8_t*>(cert_der.data()), cert_der.size(), 111 reinterpret_cast<const uint8_t*>(cert_der.data()), cert_der.size(),
112 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, &input_chain)); 112 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, &input_chain));
113 } 113 }
114 114
115 SimpleSignaturePolicy signature_policy(1024); 115 SimpleSignaturePolicy signature_policy(1024);
116 116
117 bool result = 117 std::vector<scoped_refptr<ParsedCertificate>> trusted_chain;
118 VerifyCertificateChain(input_chain, trust_store, &signature_policy, time); 118 bool result = VerifyCertificateChain(input_chain, trust_store,
119 &signature_policy, time, &trusted_chain);
120 if (result) {
121 ASSERT_EQ(trusted_chain.size(), input_chain.size() + 1);
eroman 2016/06/16 22:55:01 This is true for most if not all the tests. I gues
ryanchung 2016/06/16 23:13:09 All tests passed locally. Will let try bot confirm
122 ASSERT_TRUE(std::equal(input_chain.begin(),
123 input_chain.begin() + input_chain.size(),
eroman 2016/06/16 22:55:01 nit: input_chain.end()
ryanchung 2016/06/16 23:13:09 Done.
124 trusted_chain.begin()));
125 ASSERT_TRUE(trust_store.IsTrustedCertificate(trusted_chain.back().get()));
126 } else {
127 ASSERT_EQ(trusted_chain.size(), 0u);
128 }
119 129
120 ASSERT_EQ(expected_result, result); 130 ASSERT_EQ(expected_result, result);
121 } 131 }
122 132
123 TEST(VerifyCertificateChainTest, TargetAndIntermediary) { 133 TEST(VerifyCertificateChainTest, TargetAndIntermediary) {
124 RunTest("target-and-intermediary.pem"); 134 RunTest("target-and-intermediary.pem");
125 } 135 }
126 136
127 TEST(VerifyCertificateChainTest, UnknownRoot) { 137 TEST(VerifyCertificateChainTest, UnknownRoot) {
128 RunTest("unknown-root.pem"); 138 RunTest("unknown-root.pem");
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after
228 RunTest("non-self-signed-root.pem"); 238 RunTest("non-self-signed-root.pem");
229 } 239 }
230 240
231 // Tests that verifying a chain with no certificates fails. 241 // Tests that verifying a chain with no certificates fails.
232 TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) { 242 TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) {
233 TrustStore trust_store; 243 TrustStore trust_store;
234 der::GeneralizedTime time; 244 der::GeneralizedTime time;
235 std::vector<scoped_refptr<ParsedCertificate>> chain; 245 std::vector<scoped_refptr<ParsedCertificate>> chain;
236 SimpleSignaturePolicy signature_policy(2048); 246 SimpleSignaturePolicy signature_policy(2048);
237 247
238 ASSERT_FALSE( 248 ASSERT_FALSE(VerifyCertificateChain(chain, trust_store, &signature_policy,
239 VerifyCertificateChain(chain, trust_store, &signature_policy, time)); 249 time, nullptr));
240 } 250 }
241 251
242 // TODO(eroman): Add test that invalidate validity dates where the day or month 252 // TODO(eroman): Add test that invalidate validity dates where the day or month
243 // ordinal not in range, like "March 39, 2016" are rejected. 253 // ordinal not in range, like "March 39, 2016" are rejected.
244 254
245 } // namespace 255 } // namespace
246 256
247 } // namespace net 257 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/internal/verify_certificate_chain_pkits_unittest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698